MS Removal Tool, Bildschrim bleibt schwarz

selAce · 03.04.2011, 14:34

Hallo,

ich habe ein großes Problem mit dem fake "MS Removal Tool". Wie hier im Forum shcon in einigen anderen Threads beschrieben habe ich mir auch dieses Programm eingefangen mit den üblichen Symptomen. Daraufhin habe ich genau die Anleitung aus dem 2. Post unter folgendem Link befolgt: http://www.trojaner-board.de/96914-m...entfernen.html

Die Logfiles müssten im Anhang sein.

So weit so gut. Nachdem ich die beschriebenen Punkte ausgeführt habe, wollte ich meinen Laptop wieder im normalen Modus starten. Allerdings bleibt mein Bildschirm nach dem Anmelden schwarz und ich kann nur noch den Taskmanager starten und wieder im abgesicherten Modus starten. Was soll ich nun tun? Gibt es eine andere Lösung außer "Format C" ?

Vielen Dank schon mal und beste Grüße

cosinus · 03.04.2011, 15:27

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Der abgesicherte Modus funktioniert noch?

selAce · 03.04.2011, 15:34

Weitere Logs von Malwarebytes gibt es nicht. Die entsprechenden Dateien wurden auch in Quarantäne verschoben.

Der abgesicherte Modus funktioniert noch!

cosinus · 03.04.2011, 15:50

Zitat:

O4 - HKLM..\Run: [avast5] C:\Program Files\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

Wieso hast du Avast und AntiVir drauf?! Sowas sollte man tunlichst sein lassen. Bitte deinstalliere eins der beiden. Nur Malwarebytes und SUPERAntiSpyware vertragen sich mit anderen Scannern.

selAce · 03.04.2011, 15:59

Ok, muss ich diesbezüglich dann noch mehr beachten?
Ich habe jetzt zwar eins der beiden Programme deinstalliert, jedoch besteht mein Problem weiterhin, dass der Hintergrund nach der Anmeldung schwarz bleibt.

cosinus · 03.04.2011, 16:03

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2011.04.03 12:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\iHc31001aInAf31001
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

selAce · 03.04.2011, 16:27

Hier die Logdatei:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Folder C:\ProgramData\iHc31001aInAf31001\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: elephant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: ***
->Temp folder emptied: 181576447 bytes
->Temporary Internet Files folder emptied: 368681584 bytes
->Java cache emptied: 5933943 bytes
->FireFox cache emptied: 104372470 bytes
->Flash cache emptied: 120341 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7967211 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 638,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04032011_171536

cosinus · 03.04.2011, 16:31

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

selAce · 03.04.2011, 17:06

Hier die Logdatei:

Code:

ATTFilter

ComboFix 11-04-02.05 - Thilo 03.04.2011  17:51:17.1.2 - x86 NETWORK
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.3067.2591 [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\cofi.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WMPNetworkSvc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-03 bis 2011-04-03  ))))))))))))))))))))))))))))))
.
.
2011-04-03 15:55 . 2011-04-03 15:55	--------	d-----w-	c:\users\elephant\AppData\Local\temp
2011-04-03 15:15 . 2011-04-03 15:15	--------	d-----w-	C:\_OTL
2011-04-03 11:40 . 2011-04-03 11:40	--------	d-----w-	c:\users\Thilo\AppData\Roaming\Malwarebytes
2011-04-03 11:40 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-03 11:40 . 2011-04-03 11:40	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-03 11:40 . 2011-04-03 11:40	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-03 11:40 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-03 10:38 . 2011-04-03 12:23	--------	d-----w-	c:\programdata\iHc31001aInAf31001
2011-04-01 08:46 . 2011-03-15 04:05	6792528	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4DD0520-5F58-47E8-82B5-8ED1BEC2B0F7}\mpengine.dll
2011-03-12 11:28 . 2011-03-12 11:28	103864	----a-w-	c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-09 11:22 . 2011-02-19 05:33	802304	----a-w-	c:\windows\system32\FntCache.dll
2011-03-09 11:22 . 2011-02-19 05:32	1074176	----a-w-	c:\windows\system32\DWrite.dll
2011-03-09 11:22 . 2011-02-19 05:32	739840	----a-w-	c:\windows\system32\d2d1.dll
2011-03-09 11:22 . 2010-12-23 05:28	850432	----a-w-	c:\windows\system32\sbe.dll
2011-03-09 11:22 . 2010-12-23 05:28	642048	----a-w-	c:\windows\system32\CPFilters.dll
2011-03-09 11:22 . 2010-12-23 05:28	534528	----a-w-	c:\windows\system32\EncDec.dll
2011-03-09 11:22 . 2010-12-23 05:24	199680	----a-w-	c:\windows\system32\mpg2splt.ax
2011-03-09 11:22 . 2010-12-18 05:30	2690560	----a-w-	c:\windows\system32\mstscax.dll
2011-03-09 11:22 . 2010-12-18 05:26	1034240	----a-w-	c:\windows\system32\mstsc.exe
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-24 13:56 . 2010-06-24 09:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-03 05:45 . 2011-02-09 09:17	219008	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 17:11 . 2010-07-05 20:36	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-01-13 08:47 . 2010-07-05 21:42	38848	----a-w-	c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-07-05 21:42	188216	----a-w-	c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-07-05 21:43	294608	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-07-05 21:43	47440	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-07-05 21:43	23632	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-07-05 21:43	51280	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-07-05 21:43	17744	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 07:31 . 2011-02-23 09:56	442880	----a-w-	c:\windows\system32\XpsPrint.dll
2011-01-07 07:31 . 2011-02-23 09:56	288256	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27 . 2011-02-09 09:17	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-09 09:17	294400	----a-w-	c:\windows\system32\atmfd.dll
2011-01-05 05:37 . 2011-02-09 09:17	428032	----a-w-	c:\windows\system32\vbscript.dll
2011-01-05 03:37 . 2011-02-09 09:17	2329088	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"OTL"="c:\users\Thilo\Downloads\OTL.exe" [2011-04-03 580608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Thilo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Thilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07	932288	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series]
2008-11-05 04:00	199680	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20	133432	----a-w-	c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43	248040	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-12-07 22:23	74752	----a-w-	c:\program files\Winamp\winampa.exe
.
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\users\Thilo\Desktop\Neuer Ordner\kerneld.wnt [x]
R3 iMSPQMn;iMSPQMn;c:\users\Thilo\AppData\Local\Temp\iMSPQMn.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]
R4 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [2009-08-10 93848]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Free YouTube to Mp3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\flx6yod6.default\
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\users\***\Desktop\Neuer Ordner\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-03  18:03:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-03 16:03
.
Vor Suchlauf: 10 Verzeichnis(se), 90.376.036.352 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 90.153.193.472 Bytes frei
.
- - End Of File - - 2F434D7C267F3634027AE879EA52EA82

cosinus · 03.04.2011, 17:07

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

selAce · 03.04.2011, 17:21

Code:

ATTFilter

2011/04/03 18:17:46.0810 1608	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/03 18:17:47.0091 1608	================================================================================
2011/04/03 18:17:47.0091 1608	SystemInfo:
2011/04/03 18:17:47.0091 1608	
2011/04/03 18:17:47.0091 1608	OS Version: 6.1.7600 ServicePack: 0.0
2011/04/03 18:17:47.0091 1608	Product type: Workstation
2011/04/03 18:17:47.0091 1608	ComputerName: ***-PC
2011/04/03 18:17:47.0091 1608	UserName: ***
2011/04/03 18:17:47.0091 1608	Windows directory: C:\Windows
2011/04/03 18:17:47.0091 1608	System windows directory: C:\Windows
2011/04/03 18:17:47.0091 1608	Processor architecture: Intel x86
2011/04/03 18:17:47.0091 1608	Number of processors: 2
2011/04/03 18:17:47.0091 1608	Page size: 0x1000
2011/04/03 18:17:47.0091 1608	Boot type: Safe boot with network
2011/04/03 18:17:47.0091 1608	================================================================================
2011/04/03 18:17:47.0449 1608	Initialize success
2011/04/03 18:17:55.0764 1280	================================================================================
2011/04/03 18:17:55.0764 1280	Scan started
2011/04/03 18:17:55.0764 1280	Mode: Manual; 
2011/04/03 18:17:55.0764 1280	================================================================================
2011/04/03 18:17:57.0745 1280	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/03 18:17:57.0792 1280	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/03 18:17:57.0948 1280	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/03 18:17:58.0011 1280	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/03 18:17:58.0151 1280	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/03 18:17:58.0198 1280	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/03 18:17:58.0369 1280	AFD             (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/04/03 18:17:58.0401 1280	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/03 18:17:58.0557 1280	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/04/03 18:17:58.0728 1280	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/03 18:17:58.0744 1280	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/04/03 18:17:58.0775 1280	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/03 18:17:58.0915 1280	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/03 18:17:58.0947 1280	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/03 18:17:59.0009 1280	amdsata         (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/03 18:17:59.0134 1280	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/03 18:17:59.0165 1280	amdxata         (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/03 18:17:59.0321 1280	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/04/03 18:17:59.0493 1280	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/04/03 18:17:59.0524 1280	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/03 18:17:59.0586 1280	aswFsBlk        (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\Windows\system32\drivers\aswFsBlk.sys
2011/04/03 18:17:59.0711 1280	aswMonFlt       (317f85fb68a3be507e9ccede5e6d9ee0) C:\Windows\system32\drivers\aswMonFlt.sys
2011/04/03 18:17:59.0773 1280	aswRdr          (b6e8c5874377a42756c282fac2e20836) C:\Windows\system32\drivers\aswRdr.sys
2011/04/03 18:17:59.0805 1280	aswSP           (b93a553c9b0f14263c8f016a44c3258c) C:\Windows\system32\drivers\aswSP.sys
2011/04/03 18:17:59.0929 1280	aswTdi          (1408421505257846eb336feeef33352d) C:\Windows\system32\drivers\aswTdi.sys
2011/04/03 18:17:59.0992 1280	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/03 18:18:00.0023 1280	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/03 18:18:00.0195 1280	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/04/03 18:18:00.0335 1280	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/03 18:18:00.0522 1280	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/04/03 18:18:00.0569 1280	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/03 18:18:00.0725 1280	bowser          (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/03 18:18:00.0741 1280	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/03 18:18:00.0787 1280	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/03 18:18:00.0834 1280	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/04/03 18:18:00.0975 1280	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/03 18:18:00.0990 1280	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/03 18:18:01.0021 1280	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/03 18:18:01.0162 1280	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/03 18:18:01.0427 1280	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/03 18:18:01.0505 1280	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/03 18:18:01.0630 1280	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/03 18:18:01.0692 1280	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/04/03 18:18:01.0848 1280	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/03 18:18:01.0895 1280	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/03 18:18:01.0942 1280	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/04/03 18:18:02.0067 1280	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/03 18:18:02.0129 1280	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/03 18:18:02.0176 1280	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/03 18:18:02.0316 1280	CSC             (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/04/03 18:18:02.0441 1280	DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/04/03 18:18:02.0566 1280	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/04/03 18:18:02.0613 1280	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/04/03 18:18:02.0722 1280	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/04/03 18:18:02.0831 1280	DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/03 18:18:03.0049 1280	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/04/03 18:18:03.0237 1280	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/03 18:18:03.0283 1280	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/03 18:18:03.0486 1280	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/04/03 18:18:03.0502 1280	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/04/03 18:18:03.0564 1280	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/03 18:18:03.0689 1280	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/04/03 18:18:03.0705 1280	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/04/03 18:18:03.0751 1280	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/03 18:18:03.0876 1280	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/04/03 18:18:03.0923 1280	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/04/03 18:18:03.0970 1280	fssfltr         (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/04/03 18:18:04.0079 1280	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/03 18:18:04.0157 1280	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/03 18:18:04.0266 1280	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/03 18:18:04.0313 1280	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/03 18:18:04.0375 1280	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/04/03 18:18:04.0500 1280	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/03 18:18:04.0547 1280	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/03 18:18:04.0578 1280	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/03 18:18:04.0687 1280	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/03 18:18:04.0750 1280	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/03 18:18:04.0890 1280	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/03 18:18:04.0968 1280	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/04/03 18:18:05.0077 1280	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/03 18:18:05.0124 1280	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/03 18:18:05.0218 1280	iaStorV         (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/03 18:18:05.0327 1280	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/03 18:18:05.0577 1280	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/03 18:18:05.0623 1280	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/03 18:18:05.0655 1280	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/03 18:18:05.0779 1280	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/03 18:18:05.0811 1280	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/04/03 18:18:05.0873 1280	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/04/03 18:18:05.0967 1280	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/03 18:18:06.0013 1280	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/03 18:18:06.0138 1280	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/03 18:18:06.0201 1280	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/03 18:18:06.0310 1280	KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/03 18:18:06.0341 1280	KSecPkg         (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/03 18:18:06.0513 1280	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/03 18:18:06.0575 1280	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/03 18:18:06.0591 1280	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/03 18:18:06.0700 1280	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/03 18:18:06.0747 1280	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/03 18:18:06.0887 1280	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/04/03 18:18:06.0934 1280	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/03 18:18:06.0981 1280	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/03 18:18:07.0121 1280	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/04/03 18:18:07.0168 1280	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/03 18:18:07.0215 1280	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/03 18:18:07.0355 1280	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/03 18:18:07.0371 1280	mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/04/03 18:18:07.0417 1280	mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/03 18:18:07.0558 1280	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/03 18:18:07.0573 1280	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/03 18:18:07.0651 1280	mrxsmb          (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/03 18:18:07.0745 1280	mrxsmb10        (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/03 18:18:07.0776 1280	mrxsmb20        (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/03 18:18:07.0839 1280	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/03 18:18:07.0932 1280	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/03 18:18:07.0979 1280	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/04/03 18:18:08.0041 1280	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/03 18:18:08.0151 1280	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/03 18:18:08.0213 1280	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/03 18:18:08.0307 1280	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/03 18:18:08.0338 1280	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/04/03 18:18:08.0369 1280	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/04/03 18:18:08.0447 1280	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/03 18:18:08.0556 1280	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/04/03 18:18:08.0587 1280	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/03 18:18:08.0634 1280	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/04/03 18:18:08.0759 1280	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/03 18:18:08.0853 1280	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/04/03 18:18:08.0977 1280	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/03 18:18:09.0040 1280	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/03 18:18:09.0071 1280	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/03 18:18:09.0180 1280	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/03 18:18:09.0211 1280	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/04/03 18:18:09.0258 1280	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/03 18:18:09.0367 1280	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/03 18:18:09.0664 1280	NETw5s32        (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys
2011/04/03 18:18:10.0038 1280	netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/04/03 18:18:10.0257 1280	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/03 18:18:10.0303 1280	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/04/03 18:18:10.0475 1280	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/03 18:18:10.0522 1280	Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/04/03 18:18:10.0693 1280	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/04/03 18:18:10.0849 1280	NVHDA           (b4f70fac4ea61cf150823aa063a39ff9) C:\Windows\system32\drivers\nvhda32v.sys
2011/04/03 18:18:11.0115 1280	nvlddmkm        (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/03 18:18:11.0489 1280	nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/03 18:18:11.0520 1280	nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/03 18:18:11.0676 1280	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/03 18:18:11.0707 1280	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/03 18:18:11.0832 1280	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/04/03 18:18:11.0863 1280	partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/04/03 18:18:11.0895 1280	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/03 18:18:12.0066 1280	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/04/03 18:18:12.0082 1280	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/03 18:18:12.0113 1280	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/03 18:18:12.0269 1280	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/04/03 18:18:12.0300 1280	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/04/03 18:18:12.0519 1280	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/03 18:18:12.0565 1280	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/04/03 18:18:12.0721 1280	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/03 18:18:12.0799 1280	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/03 18:18:12.0940 1280	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/03 18:18:12.0971 1280	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/03 18:18:12.0987 1280	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/03 18:18:13.0143 1280	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/03 18:18:13.0174 1280	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/03 18:18:13.0299 1280	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/03 18:18:13.0345 1280	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/03 18:18:13.0470 1280	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/03 18:18:13.0533 1280	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/03 18:18:13.0642 1280	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/03 18:18:13.0689 1280	RDPDR           (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/04/03 18:18:13.0751 1280	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/03 18:18:13.0860 1280	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/03 18:18:13.0891 1280	RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/04/03 18:18:13.0954 1280	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/04/03 18:18:14.0126 1280	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/03 18:18:14.0172 1280	s3cap           (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/04/03 18:18:14.0313 1280	SANDRA          (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys
2011/04/03 18:18:14.0484 1280	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/03 18:18:14.0516 1280	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/03 18:18:14.0687 1280	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/03 18:18:14.0750 1280	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/03 18:18:14.0781 1280	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/04/03 18:18:14.0906 1280	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/03 18:18:14.0952 1280	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/03 18:18:14.0999 1280	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/03 18:18:15.0093 1280	sffp_sd         (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/03 18:18:15.0140 1280	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/03 18:18:15.0171 1280	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/04/03 18:18:15.0311 1280	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/03 18:18:15.0342 1280	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/03 18:18:15.0389 1280	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/04/03 18:18:15.0545 1280	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/04/03 18:18:15.0623 1280	srv             (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/04/03 18:18:15.0764 1280	srv2            (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/03 18:18:15.0810 1280	srvnet          (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/03 18:18:15.0966 1280	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/03 18:18:15.0998 1280	storflt         (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/04/03 18:18:16.0060 1280	storvsc         (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/04/03 18:18:16.0169 1280	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/03 18:18:16.0247 1280	Tcpip           (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/04/03 18:18:16.0434 1280	TCPIP6          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/03 18:18:16.0590 1280	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/03 18:18:16.0622 1280	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/04/03 18:18:16.0653 1280	TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/03 18:18:16.0778 1280	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/03 18:18:16.0809 1280	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/03 18:18:16.0980 1280	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/03 18:18:17.0090 1280	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/03 18:18:17.0214 1280	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/03 18:18:17.0261 1280	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/03 18:18:17.0402 1280	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/03 18:18:17.0433 1280	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/03 18:18:17.0495 1280	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/03 18:18:17.0620 1280	usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/03 18:18:17.0651 1280	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/03 18:18:17.0698 1280	usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/03 18:18:17.0854 1280	usbhub          (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/03 18:18:17.0901 1280	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/03 18:18:18.0057 1280	USBPNPA         (41b758cff0a3c10a69e088f440677399) C:\Windows\system32\drivers\CM108.sys
2011/04/03 18:18:18.0213 1280	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/03 18:18:18.0291 1280	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/03 18:18:18.0431 1280	USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/03 18:18:18.0462 1280	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/03 18:18:18.0603 1280	usbvideo        (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2011/04/03 18:18:18.0665 1280	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/03 18:18:18.0790 1280	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/03 18:18:18.0821 1280	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/04/03 18:18:18.0852 1280	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/03 18:18:18.0993 1280	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/04/03 18:18:19.0024 1280	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/04/03 18:18:19.0055 1280	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/03 18:18:19.0196 1280	vmbus           (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/04/03 18:18:19.0211 1280	VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/04/03 18:18:19.0352 1280	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/03 18:18:19.0383 1280	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/04/03 18:18:19.0398 1280	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/03 18:18:19.0539 1280	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/03 18:18:19.0570 1280	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/04/03 18:18:19.0710 1280	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/03 18:18:19.0757 1280	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/03 18:18:19.0898 1280	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/03 18:18:19.0913 1280	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/03 18:18:19.0960 1280	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/04/03 18:18:20.0007 1280	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/03 18:18:20.0210 1280	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/03 18:18:20.0241 1280	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/04/03 18:18:20.0459 1280	WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/04/03 18:18:20.0522 1280	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/03 18:18:20.0646 1280	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/03 18:18:20.0693 1280	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/04/03 18:18:20.0756 1280	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/03 18:18:20.0880 1280	yukonw7         (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys
2011/04/03 18:18:20.0958 1280	================================================================================
2011/04/03 18:18:20.0958 1280	Scan finished
2011/04/03 18:18:20.0958 1280	================================================================================

cosinus · 03.04.2011, 17:29

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

selAce · 03.04.2011, 17:46

Log mit GMER:

Code:

ATTFilter

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-03 18:45:31
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3252GSX rev.LV011E
Running: 4ijrz3qv.exe; Driver: C:\Users\Thilo\AppData\Local\Temp\ugloipod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwSaveKeyEx + 13B1         820448A9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2  82064312 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           autochk.exe                             004311D1 73 Bytes  [10, 08, FE, 75, 41, 8B, 4D, ...]
.text           autochk.exe                             0043121B 4 Bytes  [0F, 84, C8, 00]
.text           autochk.exe                             00431220 129 Bytes  [00, 83, 7D, 18, 00, 7E, 6D, ...]
.text           autochk.exe                             004312A2 1 Byte  [00]
.text           autochk.exe                             004312A2 7 Bytes  [00, 00, C7, 44, 01, 04, 00]
.text           ...                                     

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                 aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004a       halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

selAce · 03.04.2011, 17:51

Log mit OSAM:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:51:11 on 03.04.2011

OS: Windows 7  (Build 7600), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.7600.16385

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"catchme" (catchme) - ? - C:\Users\Thilo\AppData\Local\Temp\catchme.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"iMSPQMn" (iMSPQMn) - ? - C:\Users\Thilo\AppData\Local\Temp\iMSPQMn.sys  (File not found)
"Lavalys EVEREST Kernel Driver" (EverestDriver) - ? - C:\Users\Thilo\Desktop\Neuer Ordner\kerneld.wnt  (File not found)
"SANDRA" (SANDRA) - "SiSoftware" - C:\Program Files\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys
"ugloipod" (ugloipod) - ? - C:\Users\Thilo\AppData\Local\Temp\ugloipod.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\Avast5\ashShell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{74DBCB52-F298-4110-951D-AD2FF67BC8AB} "NVIDIA Smart Scan" - "NVIDIA" - C:\Windows\DOWNLO~1\NVIDIA~1.OCX / hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
{1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
"PartyPoker.com" - ? - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Thilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
"OTL" - "OldTimer Tools" - "C:\Users\Thilo\Downloads\OTL.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"EPSON SX210 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\E_FLBFDE.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\Avast5\AvastSvc.exe
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PostgreSQL Database Server 8.3" (pgsql-8.3) - "PostgreSQL Global Development Group" - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

selAce · 03.04.2011, 17:54

Und zu guter Letzt die .txt-Datei des MBRCheck:

Code:

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Professional
Windows Information:		 (build 7600), 32-bit
Base Board Manufacturer:	SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer:		Phoenix Technologies Ltd.
System Manufacturer:		SAMSUNG ELECTRONICS CO., LTD.
System Product Name:		R710
Logical Drives Mask:		0x0000001c

Kernel Drivers (total 162):
  0x8200F000 \SystemRoot\system32\ntoskrnl.exe
  0x82410000 \SystemRoot\system32\halmacpi.dll
  0x80BD0000 \SystemRoot\system32\kdcom.dll
  0x8AC1E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8AC96000 \SystemRoot\system32\PSHED.dll
  0x8ACA7000 \SystemRoot\system32\BOOTVID.dll
  0x8ACAF000 \SystemRoot\system32\CLFS.SYS
  0x8ACF1000 \SystemRoot\system32\CI.dll
  0x8AD9C000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8AE0D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8AE1B000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x8AE63000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x8AE6C000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x8AE74000 \SystemRoot\system32\DRIVERS\pci.sys
  0x8AE9E000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x8AEA9000 \SystemRoot\System32\drivers\partmgr.sys
  0x8AEBA000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8AEC2000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8AECD000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x8AEDD000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8AF28000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8AF3E000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x8AF47000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x8AF6A000 \SystemRoot\system32\DRIVERS\msahci.sys
  0x8AF74000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x8AF82000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x8AF8B000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8AFBF000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8B006000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B135000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8B160000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B173000 \SystemRoot\System32\Drivers\cng.sys
  0x8B1D0000 \SystemRoot\System32\drivers\pcw.sys
  0x8B1DE000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8B1E7000 \SystemRoot\system32\drivers\ndis.sys
  0x8B29E000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B2DC000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8B431000 \SystemRoot\System32\drivers\tcpip.sys
  0x8B57A000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8B5AB000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x8B5B4000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x8B5FB000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8B628000 \SystemRoot\System32\Drivers\mup.sys
  0x8B638000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8B640000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8B672000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8B683000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x8B6DB000 \SystemRoot\System32\Drivers\Null.SYS
  0x8B6E2000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8B6E9000 \SystemRoot\System32\drivers\vga.sys
  0x8B6F5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8B716000 \SystemRoot\System32\drivers\watchdog.sys
  0x8B723000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8B72B000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8B736000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8B744000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8B75B000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8B770000 \SystemRoot\system32\drivers\afd.sys
  0x8B7CA000 \SystemRoot\System32\Drivers\aswRdr.SYS
  0x8B301000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8B7CF000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x8B7D6000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8B400000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x8B411000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8B333000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8B41F000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8B374000 \SystemRoot\system32\drivers\csc.sys
  0x8B3D8000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8AFD0000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8B7F5000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x9003B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x90086000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x90095000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x9040A000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
  0x90A86000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x90A90000 \SystemRoot\system32\DRIVERS\yk62x86.sys
  0x90AE1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x90AF9000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x90B06000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x90B13000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x90B32000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x90B40000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x90B4D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x90B57000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x90B69000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x90B81000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x90B8C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x90BAE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x90BC6000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x90BDD000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x90BF4000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x900B4000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x90BFE000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x900C4000 \SystemRoot\system32\DRIVERS\ks.sys
  0x900F8000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x90106000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x9014A000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x81110000 \SystemRoot\System32\win32k.sys
  0x90400000 \SystemRoot\System32\drivers\Dxapi.sys
  0x81360000 \SystemRoot\System32\drivers\dxg.sys
  0x81390000 \SystemRoot\System32\TSDDD.dll
  0x9015B000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x81010000 \SystemRoot\System32\framebuf.dll
  0x90171000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x90188000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x9018A000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x90195000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x901A8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x901AF000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x901BA000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x901C7000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x901D2000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x901DC000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x81020000 \SystemRoot\System32\ATMFD.DLL
  0x901ED000 \SystemRoot\system32\drivers\WudfPf.sys
  0x90207000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9024D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9025D000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x90276000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x90288000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x902AB000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x902E6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x90313000 \??\C:\Users\Thilo\AppData\Local\Temp\ugloipod.sys
  0x77AA0000 \Windows\System32\ntdll.dll
  0x47EA0000 \Windows\System32\smss.exe
  0x77CE0000 \Windows\System32\apisetschema.dll
  0x00430000 \Windows\System32\autochk.exe
  0x77C30000 \Windows\System32\usp10.dll
  0x77960000 \Windows\System32\urlmon.dll
  0x77860000 \Windows\System32\wininet.dll
  0x77660000 \Windows\System32\iertutil.dll
  0x77590000 \Windows\System32\msctf.dll
  0x77430000 \Windows\System32\ole32.dll
  0x77C20000 \Windows\System32\normaliz.dll
  0x77380000 \Windows\System32\rpcrt4.dll
  0x77330000 \Windows\System32\Wldap32.dll
  0x766E0000 \Windows\System32\shell32.dll
  0x76540000 \Windows\System32\setupapi.dll
  0x77BE0000 \Windows\System32\ws2_32.dll
  0x764A0000 \Windows\System32\advapi32.dll
  0x76490000 \Windows\System32\lpk.dll
  0x76440000 \Windows\System32\gdi32.dll
  0x763E0000 \Windows\System32\shlwapi.dll
  0x76380000 \Windows\System32\difxapi.dll
  0x76360000 \Windows\System32\sechost.dll
  0x762B0000 \Windows\System32\msvcrt.dll
  0x761D0000 \Windows\System32\kernel32.dll
  0x761B0000 \Windows\System32\imm32.dll
  0x760E0000 \Windows\System32\user32.dll
  0x76050000 \Windows\System32\clbcatq.dll
  0x76040000 \Windows\System32\psapi.dll
  0x76030000 \Windows\System32\nsi.dll
  0x76000000 \Windows\System32\imagehlp.dll
  0x75F80000 \Windows\System32\comdlg32.dll
  0x75EF0000 \Windows\System32\oleaut32.dll
  0x75ED0000 \Windows\System32\devobj.dll
  0x75DB0000 \Windows\System32\crypt32.dll
  0x75D80000 \Windows\System32\wintrust.dll
  0x75D30000 \Windows\System32\KernelBase.dll
  0x75CA0000 \Windows\System32\comctl32.dll
  0x75C70000 \Windows\System32\cfgmgr32.dll
  0x75C60000 \Windows\System32\msasn1.dll

Processes (total 25):
       0 System Idle Process
       4 System
     248 C:\Windows\System32\smss.exe
     336 csrss.exe
     372 C:\Windows\System32\wininit.exe
     384 csrss.exe
     440 C:\Windows\System32\services.exe
     448 C:\Windows\System32\lsass.exe
     460 C:\Windows\System32\lsm.exe
     568 C:\Windows\System32\svchost.exe
     644 C:\Windows\System32\svchost.exe
     704 C:\Windows\System32\svchost.exe
     736 C:\Windows\System32\svchost.exe
     780 C:\Windows\System32\winlogon.exe
     860 C:\Windows\System32\svchost.exe
     908 C:\Windows\System32\svchost.exe
     940 C:\Windows\System32\svchost.exe
    1036 C:\Windows\System32\svchost.exe
    1300 C:\Windows\System32\svchost.exe
    1436 C:\Windows\explorer.exe
    1492 C:\Windows\System32\ctfmon.exe
    1576 C:\Windows\System32\svchost.exe
    1852 C:\Program Files\Mozilla Firefox\firefox.exe
    1948 C:\Users\Thilo\Downloads\MBRCheck.exe
    1464 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`82e00200  (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3252GSX, Rev: LV011E  

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

03.04.2011, 15:27	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	MS Removal Tool, Bildschrim bleibt schwarz Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind. Der abgesicherte Modus funktioniert noch? __________________ __________________

03.04.2011, 17:07	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	MS Removal Tool, Bildschrim bleibt schwarz Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html __________________ Logfiles bitte immer in CODE-Tags posten

MS Removal Tool, Bildschrim bleibt schwarz

Plagegeister aller Art und deren Bekämpfung: MS Removal Tool, Bildschrim bleibt schwarz